diff options
author | zeripath <art27@cantab.net> | 2019-11-14 20:06:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-14 20:06:02 +0000 |
commit | ae36ed7ecb454e1b43f879b0c40b570a297d4cca (patch) | |
tree | 35fcfd2a472f96488ee2b6245ce5129bb18a2021 /routers/admin | |
parent | 665ce1dcb36727f46a7261366528fbe68733b6f0 (diff) | |
download | gitea-ae36ed7ecb454e1b43f879b0c40b570a297d4cca.tar.gz gitea-ae36ed7ecb454e1b43f879b0c40b570a297d4cca.zip |
Shadow password correctly for session config (#8984)
Fix #8718
This PR shadows passwords in session config correctly by detecting
the VirtualProvider, unmarshalling the original config and then
shadowing config within that.
Diffstat (limited to 'routers/admin')
-rw-r--r-- | routers/admin/admin.go | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/routers/admin/admin.go b/routers/admin/admin.go index 538d01f9a4..4c4738ae8c 100644 --- a/routers/admin/admin.go +++ b/routers/admin/admin.go @@ -6,6 +6,7 @@ package admin import ( + "encoding/json" "fmt" "net/url" "os" @@ -25,6 +26,7 @@ import ( "code.gitea.io/gitea/services/mailer" "gitea.com/macaron/macaron" + "gitea.com/macaron/session" "github.com/unknwon/com" ) @@ -207,7 +209,7 @@ func SendTestMail(ctx *context.Context) { ctx.Redirect(setting.AppSubURL + "/admin/config") } -func shadownPasswordKV(cfgItem, splitter string) string { +func shadowPasswordKV(cfgItem, splitter string) string { fields := strings.Split(cfgItem, splitter) for i := 0; i < len(fields); i++ { if strings.HasPrefix(fields[i], "password=") { @@ -218,10 +220,10 @@ func shadownPasswordKV(cfgItem, splitter string) string { return strings.Join(fields, splitter) } -func shadownURL(provider, cfgItem string) string { +func shadowURL(provider, cfgItem string) string { u, err := url.Parse(cfgItem) if err != nil { - log.Error("shodowPassword %v failed: %v", provider, err) + log.Error("Shadowing Password for %v failed: %v", provider, err) return cfgItem } if u.User != nil { @@ -239,7 +241,7 @@ func shadownURL(provider, cfgItem string) string { func shadowPassword(provider, cfgItem string) string { switch provider { case "redis": - return shadownPasswordKV(cfgItem, ",") + return shadowPasswordKV(cfgItem, ",") case "mysql": //root:@tcp(localhost:3306)/macaron?charset=utf8 atIdx := strings.Index(cfgItem, "@") @@ -253,15 +255,21 @@ func shadowPassword(provider, cfgItem string) string { case "postgres": // user=jiahuachen dbname=macaron port=5432 sslmode=disable if !strings.HasPrefix(cfgItem, "postgres://") { - return shadownPasswordKV(cfgItem, " ") + return shadowPasswordKV(cfgItem, " ") } - + fallthrough + case "couchbase": + return shadowURL(provider, cfgItem) // postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full - // Notice: use shadwonURL + // Notice: use shadowURL + case "VirtualSession": + var realSession session.Options + if err := json.Unmarshal([]byte(cfgItem), &realSession); err == nil { + return shadowPassword(realSession.Provider, realSession.ProviderConfig) + } } - // "couchbase" - return shadownURL(provider, cfgItem) + return cfgItem } // Config show admin config page |